GLSA-201711-12 : eGroupWare: Remote code execution

High Nessus Plugin ID 104520

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201711-12 (eGroupWare: Remote code execution).

It was found that eGroupWare contains multiple code injection vulnerabilities in multiple parameters and routes because of improper input sanitization.

Impact: A remote attacker could execute arbitrary code, delete arbitrary files or inject arbitrary PHP objects via multiple routes.

Workaround: There is no known workaround at this time.

Solution

Gentoo has discontinued support for eGroupWare and recommends that users unmerge the package:

    # emerge --unmerge 'www-apps/egroupware'